CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

EUVD-2026-34106

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: Fix IPv6 innerthoff desync In nftinnerparsel2l3, when processing inner IPv6 packets, ipv6findhdr correctly computes the transport header offset traversing all extension headers, but the result is immediately...

CVE-2026-46244

The CVE-2026-46244 issue affects the Linux kernel netfilter nft_inner path. In nft_inner_parse_l2l3(), while handling inner IPv6 packets, ipv6_find_hdr() computes the transport header offset correctly across extension headers, but the code later overwrites this value with nhoff + sizeof(_ip6h) (4...

Linux Distros Unpatched Vulnerability : CVE-2026-10650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c o...

PT-2026-46058

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls parseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2 read. The flaw is detectable with MemorySanitizer MSAN and can lead t...

CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

Malicious Package

Overview chai-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5169 Malicious code in chai-parse (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e982bc5f531780656477d948f66ea8acd21d7a48da535ab8585599a21e6b358c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

parse-nested-form-data security vulnerability

parse-nested-form-data is a form data parsing tool developed by Christian Schurr. Versions of parse-nested-form-data prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of parseFormData, which did not filter or preserve attribute keys when parsing FormDat...

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the parseheader process. An attacker can inject arbitrary carriage return and line feed characters into HTTP headers by sending specially crafted percent-encoded values, potentially leading to response splitting or...

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the Did you mean ...? suggestions in GraphQL validation-error messages. An attacker can enumerate...

OESA-2026-2480 lwip security update

lwip is a small independent implementation of the TCP/IP protocol suite. Security Fixes: A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument...

[SECURITY] Fedora 43 Update: podofo-1.0.4-1.fc43

PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...

SUSE CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

Mermaid 安全漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Versions of Mermaid prior to 10.9.6 and 11.15.0 have security vulnerabilities. These vulnerabilities arise from the use of the excludes property when rendering Gantt charts; i...

strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow

Exploit Title: strongSwan 5.9.13 - heap buffer overflow Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version: strongSwan length 4 - 4 without guarding against hdr-lengt...